Sherman's Security Blog
I am Sherman Hand (also known as Policysup). I have created this blog and will use a part of my day to write about what is going on in the world. I hope to discuss things in a down-to-earth and practical way. I hope to hear back from you on your thoughts. I do not in any way intend to speak for my employer. The content of this blog will be either opinions that are strictly mine, general observations, reposts, or information that is already in the public domain.

Here’s a quick list of security-related tips and tricks that can be emailed to the staff (or anyone).

The email below acts as a quick awareness message that can be sent to the entire company or anyone.

In addition to the tips and tricks below, this time of year is also the perfect time to remind staff about IT policies, including device access, support, passwords, and data protection.

Note: This list is compiled and edited down from a number of sources including McAfee, Tony Gill (AppRiver), and Mark Stanislav (Duo Security).

Scams and Schemes

This holiday season, criminals will take full advantage of clever shoppers looking to score a good deal or save some cash. Here’s a list of common schemes and scams to be on the lookout for.

Fake charities –

Giving is a common theme during the holidays. It shouldn’t come as a shock to learn that criminals will steal funds from those who need it most, but each year thousands of people fall victim to charity scams.

If you wish to donate this year, call or visit the foundation directly, or use their official website. Avoid collection points such as Indiegogo and GoFundMe, especially if the request to donate comes out of the blue.

Use caution, and your best judgment, if approached for a donation in public. If you’re unsure, or feel pressured, don’t feel bad about saying no.

Advertising –

Keep an eye out for ads that promise a known brand at a steep discount, especially if the promise comes from an ad on the Web. Criminals will use fake ads to lure people to malicious websites. In the past, these types of lures have been used to push malware and instigate financial crime.

Coupons (especially if they come from Target, Kmart, or Home Depot) –

There were nearly a billion records compromised in 2014.

Thus, criminals have a large amount of data at their disposal, and they’re not above using it to target you. Keep an eye out for customer reward offers, or emails that claim to represent some of the larger retail outlets that were breached this year.

Check the email for grammatical errors and typos, as that’s usually the fastest way to spot a fake. Remember, retailers will never ask you to email personal or financial data, and you can usually get them to honor in-store any offer they make via the Web.

Delivery receipts / error notices –

Another common scam – often hitting its peak this time of year – centers on consumers who do most of their shopping online.

Criminals will send fake shipping notices, charge notices, or delivery error notices, in order to trick you into following a link or opening an attachment. The links and attachments are all malicious, either leading to information loss or malware installation.

If you’re not expecting a delivery, or you didn’t order anything, most of these notices can be safely ignored. However, if you see one of these fake notices and are concerned, call the retailer directly and avoid the email entirely. The retailer can inform you of any issues, and provide a phone contact to the shipping company if needed.

Personal Protection

Another way to hinder criminals this holiday season is to increase your financial visibility and limit access.

Pre-paid credit cards –

Given the number of records compromised in 2014, it might be easier to purchase pre-paid credit cards and use those for shopping online. This way, if the card details are stolen, the loss to you is minimal.

Fraud notifications –

Often, people don’t think about this option until it’s too late.

Credit card companies (Capital One / American Express) as well as several banks offer mobile applications that let you receive fraud notices and respond to them, all without having to make a phone call.

Check with your financial institution to determine if such offerings exist and learn their limits. Sometimes, it’s possible to get alerts if spending hits a certain amount, or if there are several transactions within a certain amount of time. Knowing where your money is, and how it is being spent, can prevent fraud before it gets out of control.